436 matches found
PT-2025-17267
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically fixing NULL dereferences in the ef100 process design param function. The issue arose because ef100 probe main and ef10...
DEBIAN-CVE-2025-21941
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipectx-planestate in resourcebuildscalingparams Null pointer dereference issue could occur when pipectx-planestate is null. The fix adds a check to ensure 'pipectx-planestate' is not null befo...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition in the PCM hwparams and hwfree calls...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: For Wi-Fi-related modules, such as mwifiex: The issue of warning messages during memcpy operations that span multiple fields in mwifiexconfigscan has been fixed. To address this issue, replace the one-element array in the struct...
The vulnerability of the PlaybackParams class in the Mozilla Firefox browser and Thunderbird email client allows a perpetrator to access confidential data.
The vulnerability of the PlaybackParams class in Mozilla Firefox and Thunderbird’s email client is related to synchronization errors when using a common resource “Race Situation”. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Malicious code in payment-tx-params-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6861efcfa7f8e30a646e9a76387e80446245c2f7ce4966e55da1c8e6d34fcd9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12020 Malicious code in payment-tx-params-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6861efcfa7f8e30a646e9a76387e80446245c2f7ce4966e55da1c8e6d34fcd9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-45262
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path...
CVE-2024-47683
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link why Encounter NULL pointer dereference uner mst + dsc setup. BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP NOP...
CVE-2024-47720 drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for setoutputgamma in dcn30setoutputtransferfunc This commit adds a null check for the setoutputgamma function pointer in the dcn30setoutputtransferfunc function. Previously, setoutputgamma was bei...
CVE-2024-47683 drm/amd/display: Skip Recompute DSC Params if no Stream on Link
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link why Encounter NULL pointer dereference uner mst + dsc setup. BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP NOP...
CVE-2024-47683 drm/amd/display: Skip Recompute DSC Params if no Stream on Link
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link why Encounter NULL pointer dereference uner mst + dsc setup. BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP NOP...
CVE-2024-47683 drm/amd/display: Skip Recompute DSC Params if no Stream on Link
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link why Encounter NULL pointer dereference uner mst + dsc setup. BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP NOP...
CVE-2024-25282
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-25283
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-25282
3DSecure 2.0 allows XSS in its 3DSMethod Authentication via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring...
CVE-2024-25282
Redsys 3DSecure 2.0 (3DS Method Authentication) is reported vulnerable to Cross‑Site Scripting (XSS) via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn=... path. Root cause: insufficient sanitization/validation of the params field, which is base64-enco...
CVE-2024-25282
...
Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
Mass Assigner is a powerful tool designed to identify and exploit mass assignment vulnerabilities in web applications. It achieves this by first retrieving data from a specified request, such as fetching user profile data. Then, it systematically attempts to apply each parameter extracted from th...
CVE-2024-45813
CVE-2024-45813 affects the find-my-way HTTP router. A bad regular expression is generated when two parameters exist within a single segment, notably with a trailing dash (e.g., ":/a-:b-"). This can lead to a Denial of Service in some cases. Affected versions require upgrade to find-my-way v8.2.2 ...